CloudWatchLogs / Client / put_resource_policy

put_resource_policy#

CloudWatchLogs.Client.put_resource_policy(**kwargs)#

Creates or updates a resource policy allowing other Amazon Web Services services to put log events to this account, such as Amazon Route 53. An account can have up to 10 resource policies per Amazon Web Services Region.

See also: AWS API Documentation

Request Syntax

response = client.put_resource_policy(
    policyName='string',
    policyDocument='string'
)
Parameters:

  • policyName (string) – Name of the new policy. This parameter is required.

  • policyDocument (string) –

    Details of the new policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string. This parameter is required.

    The following example creates a resource policy enabling the Route 53 service to put DNS query logs in to the specified log group. Replace "logArn" with the ARN of your CloudWatch Logs resource, such as a log group or log stream.

    CloudWatch Logs also supports aws:SourceArn and aws:SourceAccount condition context keys.

    In the example resource policy, you would replace the value of SourceArn with the resource making the call from Route 53 to CloudWatch Logs. You would also replace the value of SourceAccount with the Amazon Web Services account ID making that call.

    { "Version": "2012-10-17", "Statement": [ { "Sid": "Route53LogsToCloudWatchLogs", "Effect": "Allow", "Principal": { "Service": [ "route53.amazonaws.com" ] }, "Action": "logs:PutLogEvents", "Resource": "logArn", "Condition": { "ArnLike": { "aws:SourceArn": "myRoute53ResourceArn" }, "StringEquals": { "aws:SourceAccount": "myAwsAccountId" } } } ] }

Return type:

dict

Returns:

Response Syntax

{
    'resourcePolicy': {
        'policyName': 'string',
        'policyDocument': 'string',
        'lastUpdatedTime': 123
    }
}

Response Structure

  • (dict) –

    • resourcePolicy (dict) –

      The new policy.

      • policyName (string) –

        The name of the resource policy.

      • policyDocument (string) –

        The details of the policy.

      • lastUpdatedTime (integer) –

        Timestamp showing when this policy was last updated, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.

Exceptions

  • CloudWatchLogs.Client.exceptions.InvalidParameterException

  • CloudWatchLogs.Client.exceptions.LimitExceededException

  • CloudWatchLogs.Client.exceptions.ServiceUnavailableException